Abstract
Smart home Internet of Things (IoT) devices are rapidly increasing in popularity, with more households including Internet-connected devices that continuously monitor user activities. In this study, we conduct eleven semi-structured interviews with smart home owners, investigating their reasons for purchasing IoT devices, perceptions of smart home privacy risks, and actions taken to protect their privacy from those external to the home who create, manage, track, or regulate IoT devices and/or their data. We note several recurring themes. First, users' desires for convenience and connectedness dictate their privacy-related behaviors for dealing with external entities, such as device manufacturers, Internet Service Providers, governments, and advertisers. Second, user opinions about external entities collecting smart home data depend on perceived benefit from these entities. Third, users trust IoT device manufacturers to protect their privacy but do not verify that these protections are in place. Fourth, users are unaware of privacy risks from inference algorithms operating on data from non-audio/visual devices. These findings motivate several recommendations for device designers, researchers, and industry standards to better match device privacy features to the expectations and preferences of smart home owners.
- Alessandro Acquisti and Jens Grossklags. 2005. Privacy and rationality in individual decision making. IEEE security & privacy, Vol. 3, 1 (2005), 26--33. Google ScholarDigital Library
- Noah Apthorpe, Dillon Reisman, and Nick Feamster. 2016. A smart home is no castle: privacy vulnerabilities of encrypted IoT traffic. Workshop on Data and Algorithmic Transparency (2016).Google Scholar
- Noah Apthorpe, Yan Shvartzshnaider, Arunesh Mathur, Dillon Reisman, and Nick Feamster. 2018. Discovering Smart Home Internet of Things Privacy Norms Using Contextual Integrity. Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies (2018). Google ScholarDigital Library
- Abdullahi Arabo, Ian Brown, and Fadi El-Moussa. 2012. Privacy in the age of mobility and smart devices in smart homes. In Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom). IEEE, 819--826. Google ScholarDigital Library
- Jef Ausloos, Els Kindt, Eva Lievens, Peggy Valcke, and Jos Dumortier. 2013. Guidelines for privacy-friendly default settings. ICRI Research Paper No. 12|2013 (2013).Google Scholar
- Nellie Bowles. 2018. Thermostats, Locks and Lights: Digital Tools of Domestic Abuse. https://www.nytimes.com/2018/06/23/technology/smart-home-devices-domestic-abuse.html. The New York Times (23 June 2018).Google Scholar
- AJ Brush, Bongshin Lee, Ratul Mahajan, Sharad Agarwal, Stefan Saroiu, and Colin Dixon. 2011. Home automation in the wild: challenges and opportunities. In proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2115--2124. Google ScholarDigital Library
- Joseph Bugeja, Andreas Jacobsson, and Paul Davidsson. 2016. On Privacy and Security Challenges in Smart Connected Homes. In Intelligence and Security Informatics Conference (EISIC), 2016 European. IEEE, 172--175.Google Scholar
- Barbara Carminati, Pietro Colombo, Elena Ferrari, and Gokhan Sagirlar. 2016. Enhancing user control on personal data usage in internet of things ecosystems. In Services Computing (SCC), 2016 IEEE International Conference on. IEEE, 291--298.Google ScholarCross Ref
- Deborah Chambers. 2012. A sociology of family life .Polity.Google Scholar
- Marshini Chetty, Ja-Young Sung, and Rebecca E Grinter. 2007. How smart homes learn: The evolution of the networked home and household. In International Conference on Ubiquitous Computing. Springer, 127--144. Google ScholarDigital Library
- Eun Kyoung Choe, Sunny Consolvo, Jaeyeon Jung, Beverly Harrison, and Julie A Kientz. 2011. Living in a glass house: a survey of private moments in the home. In Proceedings of the 13th international conference on Ubiquitous computing. ACM, 41--44. Google ScholarDigital Library
- Mauro Conti, Michele Nati, Enrico Rotundo, and Riccardo Spolaor. 2016. Mind The Plug! Laptop-User Recognition Through Power Consumption. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security. ACM, 37--44. Google ScholarDigital Library
- George Demiris, Brian K Hensel, Marjorie Skubic, and Marilyn Rantz. 2008. Senior residents' perceived need of and preferences for “smart home” sensor technologies. International journal of technology assessment in health care, Vol. 24, 1 (2008), 120--124.Google Scholar
- Lina Dencik and Jonathan Cable. 2017. The advent of surveillance realism: Public opinion and activist responses to the Snowden leaks. International Journal of Communication, Vol. 11 (2017), 763--781.Google Scholar
- Serge Egelman. 2009. Trust me: Design patterns for constructing trustworthy trust indicators. Technical Report. Carnegie-Mellon University School of Computer Science.Google Scholar
- Serge Egelman, Lorrie Faith Cranor, and Jason Hong. 2008. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 1065--1074. Google ScholarDigital Library
- Murray Goulden, Peter Tolmie, Richard Mortier, Tom Lodge, Anna-Kaisa Pietilainen, and Renata Teixeira. 2018. Living with interpersonal data: observability and accountability in the age of pervasive ICT. New Media & Society, Vol. 20, 4 (2018), 1580--1599.Google ScholarCross Ref
- Glenn Greenwald. 2013. NSA collecting phone records of millions of Verizon customers daily. The Guardian, Vol. 6, 06 (2013), 2013.Google Scholar
- Glenn Greenwald and Ewen MacAskill. 2013. NSA Prism program taps into user data of Apple, Google and others. The Guardian, Vol. 7, 6 (2013), 1--43.Google Scholar
- Broadband Internet Technical Advisory Group. 2016. Internet of Things (IoT) Security and Privacy Recommendations. Technical Report.Google Scholar
- Consumers International. 2017. Testing our trust: consumers and the Internet of Things 2017 review. https://www.consumersinternational.org/media/154746/iot2017review-2nded.pdf .Google Scholar
- Andreas Jacobsson and Paul Davidsson. 2015. Towards a model of privacy and security for smart homes. In Internet of Things (WF-IoT), 2015 IEEE 2nd World Forum on. IEEE, 727--732. Google ScholarDigital Library
- A-Reum Jung. 2017. The influence of perceived ad relevance on social media advertising: An empirical examination of a mediating role of privacy concern. Computers in Human Behavior, Vol. 70 (2017), 303--309. Google ScholarDigital Library
- Ruogu Kang, Laura Dabbish, Nathaniel Fruchter, and Sara Kiesler. 2015. “My data just goes everywhere:” user mental models of the internet and implications for privacy and security. In Symposium on Usable Privacy and Security (SOUPS). USENIX Association Berkeley, CA, 39--52. Google ScholarDigital Library
- Johannes Knoll. 2016. Advertising in social media: a review of empirical evidence. International Journal of Advertising, Vol. 35, 2 (2016), 266--300.Google ScholarCross Ref
- Hosub Lee and Alfred Kobsa. 2016. Understanding user privacy in Internet of Things environments. In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT). IEEE, 407--412.Google Scholar
- Jialiu Lin, Bin Liu, Norman Sadeh, and Jason I Hong. 2014. Modeling users' mobile app privacy preferences: Restoring usability in a sea of permission settings. In Symposium on Usable Privacy and Security (SOUPS) . Google ScholarDigital Library
- Dominique Machuletz, Henrik Sendt, Stefan Laube, and Rainer Böhme. 2016. Users protect their privacy if they can: Determinants of webcam covering behavior. In Proceedings of the European Workshop on Usable Security (EuroUSEC'16). Internet Society, Reston, VA, USA .Google ScholarCross Ref
- Michelle Madejski, Maritza Johnson, and Steven M Bellovin. 2012. A study of privacy settings errors in an online social network. In Pervasive Computing and Communications Workshops (PERCOM Workshops), 2012 IEEE International Conference on. IEEE, 340--345.Google ScholarCross Ref
- Kirsten Martin and Helen Nissenbaum. 2016. Measuring privacy: an empirical test using context to expose confounding variables. Colum. Sci. & Tech. L. Rev., Vol. 18 (2016), 176.Google Scholar
- Kelly D Martin and Patrick E Murphy. 2017. The role of data privacy in marketing. Journal of the Academy of Marketing Science, Vol. 45, 2 (2017), 135--155.Google ScholarCross Ref
- Simon Mayer, Yassin N Hassan, and Gábor Sörös. 2014. A magic lens for revealing device interactions in smart environments. In SIGGRAPH Asia 2014 Mobile Graphics and Interactive Applications. ACM, 9. Google ScholarDigital Library
- Michelle L Mazurek, JP Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, et almbox. 2010. Access control for home data sharing: Attitudes, needs and practices. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 645--654. Google ScholarDigital Library
- Faith McCreary, Alexandra Zafiroglu, and Heather Patterson. 2016. The contextual complexity of privacy in smart homes and smart buildings. In International Conference on HCI in Business, Government and Organizations. Springer, 67--78.Google ScholarCross Ref
- Emily McReynolds, Sarah Hubbard, Timothy Lau, Aditya Saraf, Maya Cakmak, and Franziska Roesner. 2017. Toys that listen: A study of parents, children, and internet-connected toys. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems. ACM, 5197--5207. Google ScholarDigital Library
- Andrés Molina-Markham, Prashant Shenoy, Kevin Fu, Emmanuel Cecchet, and David Irwin. 2010. Private memoirs of a smart meter. In Proceedings of the 2nd ACM workshop on embedded sensing systems for energy-efficiency in building. ACM, 61--66. Google ScholarDigital Library
- Pardis Emami Naeini, Sruti Bhagavatula, Hana Habib, Martin Degeling, Lujo Bauer, Lorrie Cranor, and Norman Sadeh. 2017. Privacy Expectations and Preferences in an IoT World. In Symposium on Usable Privacy and Security (SOUPS) . Google ScholarDigital Library
- Johannes Obermaier and Martin Hutle. 2016. Analyzing the security and privacy of cloud-based video surveillance systems. In Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security. ACM, 22--28. Google ScholarDigital Library
- Aafaf Ouaddah, Hajar Mousannif, Anas Abou Elkalam, and Abdellah Ait Ouahman. 2017. Access control in the Internet of things: big challenges and new opportunities. Computer Networks, Vol. 112 (2017), 237--262. Google ScholarDigital Library
- Charith Perera, Ciaran McCormick, Arosha K Bandara, Blaine A Price, and Bashar Nuseibeh. 2016. Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms. In Proceedings of the 6th International Conference on the Internet of Things. ACM, 83--92. Google ScholarDigital Library
- Rebecca S Portnoff, Linda N Lee, Serge Egelman, Pratyush Mishra, Derek Leung, and David Wagner. 2015. Somebody's watching me?: Assessing the effectiveness of webcam indicator lights. In Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, 1649--1658. Google ScholarDigital Library
- Georg Regal, Elke Mattheiss, Marc Busch, and Manfred Tscheligi. 2016. Insights into Internet Privacy for Visually Impaired and Blind People. In International Conference on Computers Helping People with Special Needs. Springer, 231--238.Google ScholarCross Ref
- Everett M Rogers. 2010. Diffusion of innovations .Simon and Schuster.Google Scholar
- Jan H Schumann, Florian von Wangenheim, and Nicole Groene. 2014. Targeted online advertising: Using reciprocity appeals to increase acceptance among users of free web services. Journal of Marketing, Vol. 78, 1 (2014), 59--75.Google ScholarCross Ref
- Irving Seidman. 2013. Interviewing as qualitative research: A guide for researchers in education and the social sciences .Teachers college press.Google Scholar
- Pan Shi, Heng Xu, and Xiaolong Luke Zhang. 2011. Informing security indicator design in web browsers. In Proceedings of the 2011 iConference. ACM, 569--575. Google ScholarDigital Library
- Anna Kornfeld Simpson, Franziska Roesner, and Tadayoshi Kohno. 2017. Securing vulnerable home IoT devices with an in-hub security manager. In Pervasive Computing and Communications Workshops (PerCom Workshops), 2017 IEEE International Conference on. IEEE, 551--556.Google ScholarCross Ref
- Vijay Sivaraman, Hassan Habibi Gharakheili, Arun Vishwanath, Roksana Boreli, and Olivier Mehani. 2015. Network-level security and privacy control for smart-home IoT devices. In Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on. IEEE, 163--167.Google Scholar
- Vijay Srinivasan, John Stankovic, and Kamin Whitehouse. 2008. Protecting your daily in-home activity information from a wireless snooping attack. In Proceedings of the 10th international conference on Ubiquitous computing. ACM, 202--211. Google ScholarDigital Library
- Murray A Straus, Richard J Gelles, and Suzanne K Steinmetz. 2017. Behind closed doors: Violence in the American family .Routledge.Google Scholar
- Peter Tolmie, Andy Crabtree, Tom Rodden, James Colley, and Ewa Luger. 2016. “This has to be the cats”: Personal Data Legibility in Networked Sensing Systems. In Proceedings of the 19th ACM Conference on Computer-Supported Cooperative Work & Social Computing. ACM, 491--502. Google ScholarDigital Library
- Daphne Townsend, Frank Knoefel, and Rafik Goubran. 2011. Privacy versus autonomy: a tradeoff model for smart home monitoring technologies. In Engineering in Medicine and Biology Society, EMBC, 2011 Annual International Conference of the IEEE. IEEE, 4749--4752.Google Scholar
- Catherine E Tucker. 2014. Social networks, personalized advertising, and privacy controls. Journal of Marketing Research, Vol. 51, 5 (2014), 546--562.Google ScholarCross Ref
- Joseph Turow, Michael Hennessy, Nora Draper, Ope Akanbi, and Diami Virgilio. 2018. Divided We Feel: Partisan Politics Drive American's Emotions Regarding Surveillance of Low-Income Populations. (2018).Google Scholar
- Emmanuel Sebastian Udoh and Abdulwahab Alkharashi. 2016. Privacy risk awareness and the behavior of smartwatch users: A case study of Indiana University students. In Future Technologies Conference (FTC). IEEE, 926--931.Google ScholarCross Ref
- Daisuke Wakabayashi. 2018. California Passes Sweeping Law to Protect Online Privacy. https://www.nytimes.com/2018/06/28/technology/california-online-privacy-law.html. The New York Times (28 June 2018).Google Scholar
- R Wang. 2013. June 10. Beware trading privacy for convenience. http://blogs.hbr.org/2013/06/beware-tradingprivacy-for-con. Harvard Business Review (2013).Google Scholar
- Meredydd Williams, Jason RC Nurse, and Sadie Creese. 2016. The perfect storm: The privacy paradox and the Internet-of-Things. In Availability, Reliability and Security (ARES), 2016 11th International Conference on. IEEE, 644--652.Google ScholarCross Ref
- Jong-bum Woo and Youn-kyung Lim. 2015. User experience in do-it-yourself-style smart homes. In Proceedings of the 2015 ACM international joint conference on pervasive and ubiquitous computing. ACM, 779--790. Google ScholarDigital Library
- Allison Woodruff, Sally Augustin, and Brooke Foucault. 2007. Sabbath day home automation: it's like mixing technology and religion. In Proceedings of the SIGCHI conference on Human factors in computing systems. ACM, 527--536. Google ScholarDigital Library
- Peter Worthy, Ben Matthews, and Stephen Viller. 2016. Trust me: doubts and concerns living with the internet of things. In Proceedings of the 2016 ACM Conference on Designing Interactive Systems. ACM, 427--434. Google ScholarDigital Library
- Jie Wu, Jinglan Liu, Xiaobo Sharon Hu, and Yiyu Shi. 2016. Privacy protection via appliance scheduling in smart homes. In Computer-Aided Design (ICCAD), 2016 IEEE/ACM International Conference on. IEEE, 1--6. Google ScholarDigital Library
- Rayoung Yang and Mark W Newman. 2013. Learning from a learning thermostat: lessons for intelligent systems for the home. In Proceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing. ACM, 93--102. Google ScholarDigital Library
- Eric Zeng, Shrirang Mare, and Franziska Roesner. 2017. End user security & privacy concerns with smart homes. In Symposium on Usable Privacy and Security (SOUPS) . Google ScholarDigital Library
- Yu-Qian Zhu and Jung-Hua Chang. 2016. The key role of relevance in personalized advertisement: Examining its impact on perceptions of privacy invasion, self-awareness, and continuous use intentions. Computers in Human Behavior, Vol. 65 (2016), 442--447. Google ScholarDigital Library
Index Terms
- User Perceptions of Smart Home IoT Privacy
Recommendations
Privacy Lessons Learnt from Deploying an IoT Ecosystem in the Home
EuroUSEC '22: Proceedings of the 2022 European Symposium on Usable SecurityStudies of privacy perception in the Internet of Things (IoT) include in-laboratory evaluations as well as investigations of purchase decisions, deployment, and long-term use. In this study, we implemented identical IoT configurations in eight ...
User-Centric Privacy Controls for Smart Homes
CSCWThe widespread adoption of smart home devices (SHD) has increased privacy concerns among users, yet user-friendly controls are lacking. While there is a large body of research focused on understanding privacy concerns and threat models of SHD users, ...
Smart Home Security and Privacy Mitigations: Consumer Perceptions, Practices, and Challenges
HCI for Cybersecurity, Privacy and TrustAbstractAs smart home technology is becoming pervasive, smart home devices are increasingly being used by non-technical users who may have little understanding of the technology or how to properly mitigate privacy and security risks. To better inform ...
Comments